Re: [PATCH v1] media: meson: vdec: Fix memory leak in error path of vdec_open

public inbox for linux-media@vger.kernel.org
 help / color / mirror / Atom feed

From: Nicolas Dufresne <nicolas@ndufresne.ca>
To: Anand Moon <linux.amoon@gmail.com>,
	Neil Armstrong	 <neil.armstrong@linaro.org>,
	Mauro Carvalho Chehab <mchehab@kernel.org>,
	 Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Kevin Hilman <khilman@baylibre.com>,
	Jerome Brunet <jbrunet@baylibre.com>,
	 Martin Blumenstingl <martin.blumenstingl@googlemail.com>,
	Maxime Jourdan <mjourdan@baylibre.com>,
	Hans Verkuil	 <hverkuil@kernel.org>,
	"open list:MESON VIDEO DECODER DRIVER FOR AMLOGIC SOCS"
	<linux-media@vger.kernel.org>,
	"open list:MESON VIDEO DECODER DRIVER FOR AMLOGIC SOCS"
	<linux-amlogic@lists.infradead.org>,
	"open list:STAGING SUBSYSTEM"	 <linux-staging@lists.linux.dev>,
	"moderated list:ARM/Amlogic Meson SoC support"
	<linux-arm-kernel@lists.infradead.org>,
	open list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v1] media: meson: vdec: Fix memory leak in error path of vdec_open
Date: Thu, 19 Mar 2026 16:35:10 -0400	[thread overview]
Message-ID: <9db109a657e18d1e5ead67d7db06cfaf68f7fa84.camel@ndufresne.ca> (raw)
In-Reply-To: <20260304100557.126488-1-linux.amoon@gmail.com>

[-- Attachment #1: Type: text/plain, Size: 2646 bytes --]

Hi,

Le mercredi 04 mars 2026 à 15:35 +0530, Anand Moon a écrit :
> If vdec_init_ctrls(sess) fails, or any subsequent initialization step
> during vdec_open fails, the control handler allocated for the session
> is not released. This causes a memory leak of the v4l2_ctrl_handler
> and its associated control objects.
> 
> Add a call to v4l2_ctrl_handler_free() in the err_m2m_release error
> path to ensure resources are properly reclaimed.
> 
> unreferenced object 0xffff0000205d6878 (size 8):
>   comm "v4l_id", pid 5289, jiffies 4294938580
>   hex dump (first 8 bytes):
>     40 d2 49 18 00 00 ff ff                          @.I.....
>   backtrace (crc d3204599):
>     kmemleak_alloc+0xc8/0xf0
>     __kvmalloc_node_noprof+0x60c/0x850
>     v4l2_ctrl_handler_init_class+0x1b4/0x2e8 [videodev]
>     vdec_open+0x1f4/0x788 [meson_vdec]
>     v4l2_open+0x144/0x460 [videodev]
>     chrdev_open+0x1ac/0x500
>     do_dentry_open+0x3f0/0xfe8
>     vfs_open+0x68/0x320
>     do_open+0x2d8/0x9a8
>     path_openat+0x1d0/0x4f0
>     do_filp_open+0x190/0x380
>     do_sys_openat2+0xf8/0x1b0
>     __arm64_sys_openat+0x13c/0x1e8
>     invoke_syscall+0xdc/0x268
>     el0_svc_common.constprop.0+0x178/0x258
>     do_el0_svc+0x4c/0x70
> 
> Fixes: 3e7f51bd9607 ("media: meson: add v4l2 m2m video decoder driver")
> Signed-off-by: Anand Moon <linux.amoon@gmail.com>
> ---
>  drivers/staging/media/meson/vdec/vdec.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/staging/media/meson/vdec/vdec.c b/drivers/staging/media/meson/vdec/vdec.c
> index 4b77ec1af5a7..a5ab0c2390f5 100644
> --- a/drivers/staging/media/meson/vdec/vdec.c
> +++ b/drivers/staging/media/meson/vdec/vdec.c
> @@ -914,6 +914,7 @@ static int vdec_open(struct file *file)
>  	return 0;
>  
>  err_m2m_release:

This goto is used twice. The second time is when vdec_init_ctrls() fails, and in
that case the v4l2_m2m_ctx is leaded. Can you add the missing label and call
v4l2_m2m_ctx_release() accordingly. This way we don't have to revisit again.

regards,
Nicolas

> +	v4l2_ctrl_handler_free(&sess->ctrl_handler);
>  	v4l2_m2m_release(sess->m2m_dev);
>  err_free_sess:
>  	kfree(sess);
> @@ -926,6 +927,7 @@ static int vdec_close(struct file *file)
>  
>  	v4l2_m2m_ctx_release(sess->m2m_ctx);
>  	v4l2_m2m_release(sess->m2m_dev);
> +	v4l2_ctrl_handler_free(&sess->ctrl_handler);
>  	v4l2_fh_del(&sess->fh, file);
>  	v4l2_fh_exit(&sess->fh);
>  
> 
> base-commit: 0031c06807cfa8aa51a759ff8aa09e1aa48149af

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 228 bytes --]

next prev parent reply	other threads:[~2026-03-19 20:35 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-03-04 10:05 [PATCH v1] media: meson: vdec: Fix memory leak in error path of vdec_open Anand Moon
2026-03-19 20:35 ` Nicolas Dufresne [this message]
2026-03-21  6:54   ` Anand Moon

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=9db109a657e18d1e5ead67d7db06cfaf68f7fa84.camel@ndufresne.ca \
    --to=nicolas@ndufresne.ca \
    --cc=gregkh@linuxfoundation.org \
    --cc=hverkuil@kernel.org \
    --cc=jbrunet@baylibre.com \
    --cc=khilman@baylibre.com \
    --cc=linux-amlogic@lists.infradead.org \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-media@vger.kernel.org \
    --cc=linux-staging@lists.linux.dev \
    --cc=linux.amoon@gmail.com \
    --cc=martin.blumenstingl@googlemail.com \
    --cc=mchehab@kernel.org \
    --cc=mjourdan@baylibre.com \
    --cc=neil.armstrong@linaro.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox